Two Samba 3.x Denial of Service Vulnerabilities
“Samba 3.x SMBD Remote Denial of Service Vulnerability
An unauthenticated remote user can cause a resource exhaustion attack by sending multiple malformed requests to an affected server. Each request spawns a new process, which enters an infinite loop….
This attack takes very little bandwidth to cause the machine to stop responding. Each request from the exploit tested was only 358 bytes, and a Redhat Fedora Core 1 machine with 512 megabytes of RAM and 512 megabytes of swap took fewer than 4000 requests to render it unusable….
iDEFENSE has confirmed Samba 3.0.2 and 3.0.4 are vulnerable.
The vendor has confirmed that Samba 3.0.x prior to and including v3.0.6 are vulnerable.
Restricting access to the server by using the “hosts allow” setting in smb.conf and/or applying firewall rules may help mitigate this vulnerability.
The patch file for Samba 3.0.5 addressing [the] bug (samba-3.0.5-DoS.patch) can be downloaded from…
Samba nmbd Invalid Length Denial of Service Vulnerability
Remote exploitation of an input validation error in Samba allows an attacker to crash the Samba nmbd server. The nmbd is a server, typically listening on UDP port 138, that understands and can reply to NetBIOS over IP name service requests, and participates in the browsing protocols that comprise the Windows “Network Neighborhood” view. Due to an input validation error, a malformed UDP packet can cause the nmbd server to crash while attempting to access memory outside of what is available….
iDEFENSE has confirmed Samba 3.0.2 is vulnerable. Analysis of the source suggests that version 3.0.4 is also vulnerable. Samba 2.x does not include the affected code and, therefore, is not affected by this vulnerability. The line ‘domain logons = yes’ must also occur in smb.conf for this issue to be exploitable. Note that removal of this line from the configuration file, although it will prevent exploitation, may also affect the Samba server’s functionality.
The vendor has confirmed that Samba 3.0.x prior to and including v3.0.6 are vulnerable….
The patch file for Samba 3.0.5 addressing [the] bug (samba-3.0.5-DoS.patch) can be downloaded from…”
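
An exposure check for the two conditions the advisories name, as an added example (not code from iDEFENSE or the Samba project): it reads the [global] section of an smb.conf and flags an affected 3.0.x version that has no “hosts allow” restriction or has ‘domain logons = yes’ set. The function names, finding labels and sample configuration are constructed for illustration, and inspecting only [global] is an assumption of this sketch.

```python
import re

# Constructed sample smb.conf (not from the advisory).
SAMPLE_CONF = """\
[global]
   workgroup = EXAMPLE
   Domain Logons = Yes
;  hosts allow = 192.0.2.0/24

[share]
   path = /srv/share
   hosts allow = 192.0.2.10
"""

TRUE_VALUES = {"yes", "true", "on", "1"}  # spellings treated as boolean true

def parse_global(text):
    """Return [global] parameters, names lowercased with whitespace removed."""
    params, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # blank line or comment
            continue
        header = re.match(r"\[(.+)\]$", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "global" and "=" in line:
            name, value = line.split("=", 1)
            params["".join(name.lower().split())] = value.strip()
    return params

def affected_version(version):
    """True for 3.0.x up to and including 3.0.6, per the vendor statement."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    return bool(m) and (int(m[1]), int(m[2])) == (3, 0) and int(m[3]) <= 6

def audit(conf_text, version):
    """Return finding labels (hypothetical names) for the two issues."""
    if not affected_version(version):
        return []
    g = parse_global(conf_text)
    findings = []
    if "hostsallow" not in g and "allowhosts" not in g:
        findings.append("smbd-dos: no global 'hosts allow' restriction")
    if g.get("domainlogons", "no").lower() in TRUE_VALUES:
        findings.append("nmbd-dos: 'domain logons = yes' is set")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, "3.0.4"):
        print(finding)
```

The commented-out global “hosts allow” and the per-share one in the sample are deliberately not counted as a restriction, which is the kind of false assurance a plain text search of the file would give.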
